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31 REMARKS 

32 The Examiner has rejected claims 2, 5-9, 1 1 and 14 over a combination of U.S. 

33 patents to Win (US 6,453,353) in combination with Vaid et al.(US 6,047,322) and 

34 McGrane et al (US 6,496,927). 

35 As stated in the MPEP at 2143, there are three basic elements to the prima facie 

36 obviousness case: 

37 2143 Basic Requirements of a Prima Facie Case of 

38 Obviousness 

39 To establish a prima facie case of obviousness, three basic criteria must 

40 be met. First, there must be some suggestion or motivation, either in the 

41 references themselves or in the knowledge generally available to one of ordinary 

42 skill in the art, to modify the reference or to combine reference teachings. 

43 Second, there must be a reasonable expectation of success. Finally, the prior art 

44 reference (or references when combined) must teach or suggest all the claim 

45 limitations. 
46 

47 The teaching or suggestion to make the claimed combination and the 

48 reasonable expectation of success must both be found in the prior art, not in 

49 applicant's disclosure. In re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 

50 1991). 
51 

52 2143.01 Suggestion or Motivation To Modify the 

53 References [R-5] 

54 

55 I. THE PRIOR ART MUST SUGGEST THE DESIRABILITY 

56 OF THE CLAIMED INVENTION 

57 

58 "There are three possible sources for a motivation to combine references: 

59 the nature of the problem to be solved, the teachings of the prior art, and the 

60 knowledge of persons of ordinary skill in the art." In re Rouffet, 149 F.3d 1 350, 

61 1357, 47 USPQ2d 1453, 1457-58 (Fed. Cir. 1998) (The combination of the 

62 references taught every element of the claimed invention, however without a 

63 motivation to combine, a rejection based on a prima facie case of obvious was 

64 held improper.). The level of skill in the art cannot be relied upon to provide the 

65 suggestion to combine references. Al-Site Corp. v. VSI Int'l Inc., 174 F.3d 1308, 

66 50 USPQ2d 1161 (Fed. Cir. 1999). 
67 

68 "In determining the propriety of the Patent Office case for obviousness in 

69 the first instance, it is necessary to ascertain whether or not the reference 

70 teachings would appear to be sufficient for one of ordinary skill in the relevant art 

71 having the reference before him to make the proposed substitution, combination, 
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72 or other modification." In re Linter, 458 F.2d 1013, 1016, 173 USPQ 560, 562 

73 (CCPA1972). 
74 

75 Obviousness can only be established by combining or modifying the 

76 teachings of the prior art to produce the claimed invention where there is some 

77 teaching, suggestion, or motivation to do so >. In re Kahn, 441 F.3d 977, 986, 78 

78 USPQ2d 1329, 1335 (Fed. Cir. 2006) (discussing rationale underlying the 

79 motivation-suggestion-teaching requirement as a guard against using hindsight in 

80 an obviousness analysis). The teaching, suggestion, or motivation must be< 

81 found either explicitly or implicitly in the references themselves or in the 

82 knowledge generally available to one of ordinary skill in the art. "The test for an 

83 implicit showing is what the combined teachings, knowledge of one of ordinary 

84 skill in the art, and the nature of the problem to be solved as a whole would have 

85 suggested to those of ordinary skill in the art." In re Kotzab, 217 F.3d 1365, 1370, 

86 55 USPQ2d 1313, 1317 (Fed. Cir. 2000). See also In re Lee, 277 F.3d 1338, 

87 1342-44, 61 USPQ2d 1430, 1433-34 (Fed. Cir. 2002) (discussing the importance 

88 of relying on objective evidence and making specific factual findings with respect 

89 to the motivation to combine references); In re Fine, 837 F.2d 1071 , 5 USPQ2d 

90 1596 (Fed. Cir. 1988); In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 

91 1992). 

92 Claims 2 and 5-9 all depend from claim 1 1 . Claim 1 1 includes the following 

93 limitations (in bold) which, taken as a whole, are not taught by Win in combination with 

94 Vaid and McGrane et al. 

95 a firewall device connectable between a first data network and a 

96 second data network, 

97 said firewall device further comprising a network security 

98 application of the firewall device monitoring traffic passing 

99 through the firewall device between said first data network and 

1 00 said second data network, 

1 0 1 said firewall device further comprising a full management user 

1 02 interface which comprises mechanisms for conducting management 

1 03 operations for said network security application of said firewall device 

1 04 over a secure data connection, from a full management station 

105 managing a plurality of firewall devices and 

1 06 said firewall device further comprising a wireless 

1 07 communication interface module connected directly to said 

1 08 wireless communication device and configured to provide for a 

109 remote wireless device a limited management user interface for 

1 1 0 conducting a limited number of management operations of said full 

1 1 1 management user interface for the network security application over 

112 a wireless remote connection established via said wireless 

1 1 3 communication device directly between said wireless 

1 14 communication interface module and said remote wireless device 

1 1 5 without accessing said full management station. 

116 On page 3, lines 3-6 of the office action, the Examiner alleges that Win teaches at 

117 Column 26, lines 29-39 that a management system can be accessed via a wireless link 
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118 through a communication interface that, since it is coupled to the bus, is directly 

119 connected. However, from Column 26, lines 29-39, it is clear that the computer 900 

120 in Figure 9 not a firewall device or any other device which is connectable between 

121 a first data network and a second data network, as recited in claim 11. Therefore, 

122 Win et al. fail to teach "a firewall device connectable between a first data network 

1 23 and a second data network" as recited in claim 1 1 . 

124 To the opposite, the computer 900 is a host or server connected to a local area 

125 network via wired or wireless netowrk link 920 which is the only conection link and 

126 interface the computer 900 has got. The computer 900 is not connected between two 

127 data networks, such as the internet 928 and the local area network 922 as it would be if 

128 it were a firewall. It is apparent therefore that the computer 900 is not a firewall. 

129 Further, computer 900 does not have a network security application executing on 

130 it so as to control the computer 900 to monitor traffic passing through the computer 900 

131 on its way between the first data network and the second data network (such as the 

132 internet 928 and the local area network 922) as called for in claim 1 1 . 

133 In addition, computer 900 does not have a secure data connection for a full 

134 management user interface on a full management station, as called for in claim 1 1 . 

135 Further, computer 900 does not have a wireless remote connection with a 

136 wireless communication device directly connected to a wireless communication interface 

137 module of the computer 900 so as to provide a limited management user interface 

138 wirelessly on the wireless device, as called for in claim 1 1 . 

139 In Figure 9 of Win et al., only the internet service provider, ISP 926 is connected 

140 between two data networks, namely the internet 928 and the LAN 922. 

141 Win et al. discloses a method for secure user access to authorized web 

142 resources based upon the user's role in the organization that controls the web 

143 resources. The access is provided and managed by an access server and a registry 

144 server that manages access to administrative information about user resources and 

145 roles of the users. 

146 Importantly, Win et al. does not disclose that the device 900 is a firewall. 

147 The Examiner alleges that Win et al. teach general management of system 

148 nodes in the network architecture, including the firewall. However, the Examiner has not 

149 shown where such a teaching is made in Win et al., and that is required to make out the 

150 prima facie case. The Examiner must show where each and every limitation in claim 1 1 
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151 is found in the combination of the references and, must show how suggestion exists to 

152 modify a reference or combine teachings from multiple references along the lines of the 

153 claimed invention. 

154 According to Win et al., an access server and a registry server manage and 

155 control a secure user access to authorized web resources, i.e., web servers. Win et al. 

1 56 do not teach a management of any node. 

157 Win et al. actually teach away from the invention, because, although Win et al. 

158 mention firewalls, the firewall is explicitly disclosed as a device different from the access 

159 server and the registry server (see Col. 21 , lines 59-67). The computer 900 in Figure 9 

160 is not a firewall because it is not connected between the internet and the local area 

161 network. 

162 The Examiner admits that the managed device is not a firewall, and refers to the 

163 Abstract of Vaid et al. as teaching a network application for management of a plurality of 

164 firewalls on a network. What Vaid et al. teach is to reconfigure all firewall/QOS (quality 

165 of service) servers from a central administration point via directory services. Further, 

166 Vaid et al. explicitly teach that a single point of administration for multiple firewalls 

167 provides significant advantages over logging into each firewall server and modifying the 

168 configuration information individually. 

169 A person skilled in the art, upon reading the disclosure of Vaid et al. would not 

170 have had any motivation to provide: an individual firewall in the system of Win et al.; with 

171 an additional wireless communication interface module connected directly to the firewall; 

172 and configured to connect wirelessly to a remote wireless communication device; so as 

173 to provide a limited management user interface for conducting a limited number of 

1 74 management operations of the full management user interface for the network security 

1 75 application of the firewall device. 

176 To the opposite, the skilled person would have relied on a data connection over a 

177 data communication network from a central administration point. Thus, Win et al., 

178 modified using the teachings from Vaid et al. cited by the Examiner would still fall short 

1 79 of the collection of limitations of the claimed invention of Claim 1 1 since the limitations 

180 pointed out above are not in the combination of Win et al. and Vaid et al.. 

181 Claim 1 1 has been amended slightly voluntarily to improve the form and clarity of 

182 the claim to make it clear that the communication module is directly connected to the 

183 firewall and wirelessly connected to the wireless communication device. 
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184 The Examiner further alleges that McGrane discloses maintaining a limited user 

185 interface within a managed device such as a firewall. McGrane relates to a totally 

186 different technical field, namely to an arrangement for conrolling domestic entertainment 

187 electroncis by an infrared control unit. There would have been no suggestion to 

188 combine the teachings of McGrane, which relates to domestic entertainment electronics, 

1 89 to the system of Win et al., which relates to management of access to web resources. 

190 The claimed invention relates to providing a limited functionality wireless interface to a 

191 network security application which is normally managed from a full management 

192 interface. 

193 Even if a person skilled in the art were to have considered the teachings of 

194 McGrane, despite the fact that it is from a different technological field, the person skilled 

195 in the art would have rejected the teachings of McGrane for inclusion in a combination 

196 with the other two references. Why? In McGrane, the IR controller sends infrared 

197 signals to a centralized control unit which responds to these infrared signals by sending 

198 commands to respective ones of a plurality of controlled devices. Thus, each controlled 

199 device has a single wired control interface to the centralized IR control unit. If a person 

200 skilled in the art would have applied this teaching to the teachings of Win et al and the 

201 other reference, the person skilled in the art would controlled the access server or/or 

202 registry server by an infrared controller, i.e., from a single point of administration. The 

203 person skilled in the art would not have: 1) directly controlled the web servers or any 

204 other device in the network from the full management interface of the network security 

205 application via a secure communication channel and a full management station, and 2) 

206 further provided an additional limited functionality management interface via a wireless 

207 communication interface in addition to a connection over a data network, i.e., a 

208 communication interface to the network security application via a wireless 

209 communication interface module directly connected to the firewall and a communication 

210 device wirelesslv connected to the wireless communication interface module, as called 

211 for in claim 11. 

212 Claim 14 claims a system which also has the full management interface of a 

213 network security firewall application over a secure data connection (not wireless) and the 

214 limited functionality wireless management interface to perform a limited subset of 

215 management functions of a network security firewall application. Therefore, all the 

216 arguments made above with regard to claim 1 1 apply equally to claim 14. 
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217 Therefore, no suggestion exists here to support the obviousness rejection, 

218 because there is no likelihood of success which would be perceived by one skilled in the 

219 art of solving the problem the inventor solved by making the combination. There would 

220 be no perceived liklihood of success because even if the combination were to be made, 

221 the combination would still not have all the limitations of claim 1 1 which are needed to 

222 solve the problem. Because some of the limitations needed are missing from the 

223 combination of prior art references, the combination would not solve the problem the 

224 inventor solved. Therefore, a person skilled in the art would not be motivated to make 

225 such a combination. Such a combination of teachings from disparate references is the 

226 essence of a hindsight reconstruction of a facsimile of the claimed invention and does 

227 not legitimately support an obviousness rejection of claims 11, 14 or any of their 

228 dependent claims which would include claims 3. The addition of the Ramachadran et 

229 al.; patent (US 5,978,850) does nothing to supply the missing limitations from the 

230 combination of Win et al, Vaid et al. and McGrane et al. Ramachadran et al. teach a 

231 system where alarms must be retransmitted if no acknowledgment is received ensuring 

232 that alert messages are not lost. This does nothing to remedy the lack of teaching of all 

233 the claim limitations noted above in the combination of the other three references 

234 applied against claim 1 1 so those missing limitations are still missing from the 

235 combination of Win et al, Vaid et al. and McGrane et al. and Ramachadran et al. 

236 The same argument applies to the rejection of claim 4. Gillies et al. teach a 

237 monitoring system wherein the monitoring function being used by the administrator may 

238 be configured to filter out selected items from the log file for viewing. The addition of the 

239 Gillies et al. patent US 6,253,21 1 does nothing to remedy the lack of teaching of all the 

240 claim limitations noted above in the combination of the other three references applied 

241 against claim 1 1 so those missing limitations are still missing from the combination of 

242 Win et al, Vaid et al. and McGrane et al. and Gillies et al. 
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243 

244 Because it is essential to the prima facie obviousness case, that all the limitations 

245 in the claim be found in the combination of references and that there be suggestion to 

246 make the combination, the obviousness rejection of claim 1 1 and its dependent claims 

247 should be withdrawn. The undersigned hereby respectfully requests the Examiner to 

248 withdraw the obviousness rejection of claims 2, 5-9, 1 1 and 14. 

249 Respectfully submitted, 

251 Dated: December 22, 2007 <^^^cSlQ C . 7^ ^ J>C 

252 Ronald Craig Fish 

253 Reg. No. 28,843 

254 Tel 408 866 4777 

255 
256 
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